<?php

/**
 * Name: 签到权限检查中间件
 * User: Silent
 * Date: 2025-11-07
 * Time: 17:30:00
 */

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class CheckinPermission
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @param  string  $permission
     * @return \Illuminate\Http\JsonResponse
     */
    public function handle(Request $request, Closure $next, $permission = null)
    {
        $employee = $request->input('current_user');

        if (!$employee) {
            return response()->json([
                'code' => 401,
                'message' => '用户信息未找到',
                'data' => null
            ], 401);
        }

        $userRole = $this->getUserRole($employee);
        $userPermissions = $this->getUserPermissions($userRole);

        // 检查特定权限
        if ($permission && !$this->hasPermission($userPermissions, $permission)) {
            return response()->json([
                'code' => 403,
                'message' => '权限不足',
                'data' => null
            ], 403);
        }

        // 将用户角色和权限添加到请求中
        $request->merge([
            'user_role' => $userRole,
            'user_permissions' => $userPermissions
        ]);

        return $next($request);
    }

    /**
     * 获取用户角色
     */
    private function getUserRole($employee)
    {
        $position = $employee->position;

        if (in_array($position, ['主管', '部长', '经理'])) {
            return 'supervisor';
        } elseif (in_array($position, ['班长', '组长'])) {
            // 只有班长、组长有 leader 权限，副班长是普通员工
            return 'leader';
        } else {
            // 副班长及其他职位都是普通员工权限
            return 'employee';
        }
    }

    /**
     * 获取用户权限
     */
    private function getUserPermissions($userRole)
    {
        $permissions = [
            'employee' => [
                'can_checkin' => true,
                'can_view_own_records' => true,
                'can_view_calendar' => true,
            ],
            'leader' => [
                'can_checkin' => true,
                'can_view_own_records' => true,
                'can_view_calendar' => true,
                'can_view_team_records' => true,
                'can_review_team' => true,
                'can_view_team_calendar' => true,
            ],
            'supervisor' => [
                'can_checkin' => true,
                'can_view_own_records' => true,
                'can_view_calendar' => true,
                'can_view_team_records' => true,
                'can_review_team' => true,
                'can_view_team_calendar' => true,
                'can_view_all_records' => true,
                'can_review_all' => true,
                'can_manage_duty' => true,
                'can_view_statistics' => true,
                'can_manage_employees' => true,
            ]
        ];

        return $permissions[$userRole] ?? $permissions['employee'];
    }

    /**
     * 检查是否有特定权限
     */
    private function hasPermission($userPermissions, $permission)
    {
        return isset($userPermissions[$permission]) && $userPermissions[$permission];
    }
}
